Vulnerability Development mailing list archives
Re: C versus other languages, round 538 or so (Re: CGI scripts in sh)
From: Ben Galehouse <bgalehou () PACBELL NET>
Date: Mon, 25 Sep 2000 20:36:25 -0700
Jonathan James wrote:
> A well-experienced C/C++ programmer knows how to avoid the black holes that exist in regards to buffer overflows/unexpected input. All you have to do is to structure and think through your software design thoroughly before you turn your idea into code.
In theory, theory and practice are the same; in practice.... In theory, de-allocation of RAM is something that the programmer can take care of. In practice, I once heard a CMU C.S. prof (one of the less theory-oriented ones) discuss debugging some X-windows program which kept seg-faulting. He couldn't figure out which pointer was being held by the libraries, so he was randomly removing free statements. In theory, buffer overflows are avoidable and findable. In practice, they keep popping up, often after years of code audit. In theory, the Unix 2-level trust model provides all the security that one could possibly need. In practice, I'd love an easy way to tell the OS to only let a web browser or email reader access certain files.
> As for C v. Perl I would choose C. Why? Because Perl is an interpreted language, we don't know if there exists any flaw in the Perl interpreter. When you create a CGI script using C you know what you get. The CGI scripts run faster and offer more control and possibilities, and you can distribute your CGI scripts without giving away the source code.
Have you ever worked on a sizable program? Especially a CGI script, or system thereof? If I want a program that executes wrinkle-free, I'll write it in Standard ML and execute it on one of those little byte compiler systems for it. If, in addition, I need for others to be able to read it or maintain it, I'll write it in Java (the usual case).